Two of the three remaining vulnerabilities address issues in the Windows operating system as well. Security bulletin MS11-054 describes a vulnerability in Windows Kernel-Mode drivers that could allow elevation of privileges, while bulletin MS11-056 a vulnerability in the Windows Client and Server run-time subsystem.

All supported Microsoft client and server operating systems are affected by the two security vulnerabilities. The last issue is a vulnerability in Microsoft Visio.

Here is an overview of all four security bulletins with links to their pages at the Microsoft Technet website.

• MS11-053 – Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (2566220)
• MS11-054 – Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2555917)
• MS11-056 – Vulnerabilities in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2507938)
• MS11-055 – Vulnerability in Microsoft Visio Could Allow Remote Code Execution (2560847)

The patches are as usual already available via Windows Update, Microsoft Update and via the Microsoft Download Center. The monthly exploit mitigation guide at the Technet Security blog provides additional information about the vulnerabilities and deployment strategies.

Probably the easiest way to deploy the security updates to a single system is via Windows Update.

Just click on Start > All Programs > Windows Update to open the update screen. You may need to click on Check for updates on the left sidebar if your computer has been up for some time and the updates are not displayed directly in the main window.

Have you updated your system yet? Am I the only user who feels that Microsoft’s Download Center is not usable at all at the moment?

Jerry Bryant, the Senior Security Communications Manager, states that Microsoft has not yet ” confirmed that the issue is specific to MS10-015″ as it could also be an “interoperability problem with another component or third-party software”.

Microsoft has pulled the security update from Windows Update after being notified about the restart issue. The company has created a workaround fix in form of a Fix It solution that should be applied by users who do have not yet installed the update

Users are encouraged to install the Fix It solution to protect their operating system from the security vulnerability.

As you may recall from previous blog posts, MS10-015 is an Elevation of Privilege that would require the attacker to have valid credentials in order to be able to leverage the vulnerability in an attack. Several other updates in this release were identified as having a high priority for deployment and we continue to encourage customers to thoroughly test the updates and deploy them immediately. At this time, we are not aware of any issues with the other updates that were released this month and we continue to encourage customers to install them as soon as possible in order to help ensure that they protected from the vulnerabilities they address.

Users who are experiencing the restart issue are asked to contact Microsoft support either by web or by phone. The contact information are provided in the blog post at the MSRC blog.

• Microsoft Security Bulletin MS10-001 – Critical Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font in client applications that can render EOT fonts, such as Microsoft Internet Explorer, Microsoft Office PowerPoint, or Microsoft Office Word. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

  This security update is rated Critical for Microsoft Windows 2000, and is rated Low for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

Adobe has released security updates for Adobe Reader and Adobe Acrobat which patch critical vulnerability in Adobe Reader 9.2 and Adobe Acrobat 9.2 for Windows, Macintosh and Unix as well as Adobe Reader 8.1.7 and Acrobat 8.1.7 for Windows and Macintosh.

• These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system. Adobe recommends users of Adobe Reader 9.2 and Acrobat 9.2 and earlier versions for Windows, Macintosh and UNIX update to Adobe Reader 9.3 and Acrobat 9.3. Adobe recommends users of Acrobat 8.1.7 and earlier versions for Windows and Macintosh update to Acrobat 8.2. For Adobe Reader users on Windows and Macintosh who cannot update to Adobe Reader 9.3, Adobe has provided the Adobe Reader 8.2 update. Updates apply to all platforms: Windows, Macintosh and UNIX.

The portable software program will display a list of supported operating systems (Windows 2000, Windows XP, Windows Server 2003, Windows XP, Windows Vista and Windows Server 2008) and dozens of supported languages.

A second tab contains the same options for Microsoft’s Office suites (Office 2000, Office XP, Office 2003 and Office 2007). Below that selection are several additional options that include the following:

• Excluding Service Packs
• Verifying downloads
• Including the .net Framework 3.5 SP1
• ISO image creation per selected product and language or per selected language
• Copying updates to USB

Offline Update can be downloaded directly from the (German) homepage of the software developer. The software itself uses an English language interface.

• Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557)
• Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477)
• Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373)
• Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)
• Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803)
• Cumulative Security Update for Internet Explorer (963027)
• Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)
• Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (961759)

The easiest way to update is by visiting Windows Update or Microsoft Update. Please read our Windows Update Fix article if Windows Update is not working properly on your computer system. Alternatives are so called offline updates like Offline Update, Autopatcher or Update Windows Without Microsoft.

It is recommended to update the computer system as soon as possible to close the vulnerabilities.

The security bulletin resolves three vulnerabilities in Microsoft Server Message Block (SMB) Protocol which could allow remote code execution on affected systems. An attacker could run programs, create new user accounts and view, change or delete data on the computer system. It is interesting to note that Windows 7 is affected as well even though it is not mentioned in the security bulletin.

The security vulnerability would be rated as moderate for the upcoming operating system which is why Microsoft will not provide a patch at the current time (They chose to only patch critical security vulnerabilities immediately). A patch will be released with the next public release of Windows 7.

Patches can be applied as usual through the various official update channels.